CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2024-51745 – Wasmtime doesn't fully sandbox all the Windows device filenames
https://notcve.org/view.php?id=CVE-2024-51745
05 Nov 2024 — Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as "COM1", "COM2", "LPT0", "LPT1", and so on, however it did not block access to the special device filenames which use superscript digits, such as "COM¹", "COM²", "LPT⁰", "LPT¹", and so on. Untrusted Wasm programs that are given access to any filesystem directory could bypass the sandbox and access devices through those special device filenames with s... • https://en.wikipedia.org/wiki/ISO/IEC_8859-1 • CWE-67: Improper Handling of Windows Device Names CWE-184: Incomplete List of Disallowed Inputs •
CVSS: 2.9EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47813 – Wasmtime race condition could lead to WebAssembly control-flow integrity and type safety violations
https://notcve.org/view.php?id=CVE-2024-47813
09 Oct 2024 — Wasmtime is an open source runtime for WebAssembly. Under certain concurrent event orderings, a `wasmtime::Engine`'s internal type registry was susceptible to double-unregistration bugs due to a race condition, leading to panics and potentially type registry corruption. That registry corruption could, following an additional and particular sequence of concurrent events, lead to violations of WebAssembly's control-flow integrity (CFI) and type safety. Users that do not use `wasmtime::Engine` across multiple ... • https://github.com/bytecodealliance/wasmtime/pull/7969 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2024-47763 – Wasmtime runtime crash when combining tail calls with trapping imports
https://notcve.org/view.php?id=CVE-2024-47763
09 Oct 2024 — Wasmtime is an open source runtime for WebAssembly. Wasmtime's implementation of WebAssembly tail calls combined with stack traces can result in a runtime crash in certain WebAssembly modules. The runtime crash may be undefined behavior if Wasmtime was compiled with Rust 1.80 or prior. The runtime crash is a deterministic process abort when Wasmtime is compiled with Rust 1.81 and later. WebAssembly tail calls are a proposal which relatively recently reached stage 4 in the standardization process. • https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_tail_call • CWE-670: Always-Incorrect Control Flow Implementation •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30266 – Wasmtime vulnerable to panic when using a dropped extenref-typed element segment
https://notcve.org/view.php?id=CVE-2024-30266
04 Apr 2024 — wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1. wasmtime es un tiempo de ejecución para WebAssembly. La versión 19.0.0 de Wasmtime contiene una regresión introducida durante su desarrollo que puede provocar que un módulo ... • https://github.com/bytecodealliance/wasmtime/commit/7f57d0bb0948fa56cc950278d0db230ed10e8664 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-41880 – Miscompilation of wasm `i64x2.shr_s` instruction with constant input on x86_64
https://notcve.org/view.php?id=CVE-2023-41880
15 Sep 2023 — Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly `i64x2.shr_s` instruction on x86_64 platforms when the shift amount is a constant value that is larger than 32. Only x86_64 is affected so all other targets are not affected by this. The miscompilation results in the instruction producing an incorrect result, namely the low 32-bits of the second lane of the vector are derived from the low 32-bits o... • https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_simd • CWE-193: Off-by-one Error •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-30624 – Wasmtime has Undefined Behavior in Rust runtime functions
https://notcve.org/view.php?id=CVE-2023-30624
27 Apr 2023 — Wasmtime is a standalone runtime for WebAssembly. Prior to versions 6.0.2, 7.0.1, and 8.0.1, Wasmtime's implementation of managing per-instance state, such as tables and memories, contains LLVM-level undefined behavior. This undefined behavior was found to cause runtime-level issues when compiled with LLVM 16 which causes some writes, which are critical for correctness, to be optimized away. Vulnerable versions of Wasmtime compiled with Rust 1.70, which is currently in beta, or later are known to have incor... • https://github.com/bytecodealliance/wasmtime/commit/0977952dcd9d482bff7c288868ccb52769b3a92e • CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior •
CVSS: 9.9EPSS: 2%CPEs: 6EXPL: 0CVE-2023-26489 – Guest-controlled out-of-bounds read/write on x86_64 in wasmtime
https://notcve.org/view.php?id=CVE-2023-26489
08 Mar 2023 — wasmtime is a fast and secure runtime for WebAssembly. In affected versions wasmtime's code generator, Cranelift, has a bug on x86_64 targets where address-mode computation mistakenly would calculate a 35-bit effective address instead of WebAssembly's defined 33-bit effective address. This bug means that, with default codegen settings, a wasm-controlled load/store operation could read/write addresses up to 35 bits away from the base of linear memory. Due to this bug, however, addresses up to `0xffffffff * 8... • https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.static_memory_guard_size • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2023-27477
https://notcve.org/view.php?id=CVE-2023-27477
08 Mar 2023 — wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the `pshufb` instruction which causes incorrect results to be returned if lanes are selected from the second vector. This code... • https://docs.rs/wasmtime/latest/wasmtime/struct.Config.html#method.wasm_simd • CWE-193: Off-by-one Error •
CVSS: 7.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39392 – Wasmtime vulnerable to out of bounds read/write with zero-memory-pages configuration
https://notcve.org/view.php?id=CVE-2022-39392
10 Nov 2022 — Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator when the allocator is configured to give WebAssembly instances a maximum of zero pages of memory. In this configuration, the virtual memory mapping for WebAssembly memories did not meet the compiler-required configuration requirements for safely executing WebAssembly modules. Wasmtime's default settings require virtual memory page faults to indicate that was... • https://github.com/bytecodealliance/wasmtime/commit/e60c3742904ccbb3e26da201c9221c38a4981d72 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 8.6EPSS: 0%CPEs: 2EXPL: 0CVE-2022-39393 – Wasmtime vulnerable to data leakage between instances in the pooling allocator
https://notcve.org/view.php?id=CVE-2022-39393
10 Nov 2022 — Wasmtime is a standalone runtime for WebAssembly. Prior to version 2.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2. Other mitigations include disabling the pooling allocator and disabling the `memory-init-cow`. Wasmtime es una ejecución independiente... • https://github.com/bytecodealliance/wasmtime/commit/2614f2e9d2d36805ead8a8da0fa0c6e0d9e428a0 • CWE-212: Improper Removal of Sensitive Information Before Storage or Transfer CWE-226: Sensitive Information in Resource Not Removed Before Reuse •